EU: EBA Final Report on Guidelines on the management of ESG risks - financial institutions must prepare to comply

Following its consultation in early 2024, on 9 January 2025, the European Banking Authority (EBA) published its Final Report setting out its Guidelines in the management of ESG risks (see our blog on the earlier consultation here).  

These guidelines set out requirements for the internal processes and ESG risks management arrangements that financial institutions should have in place and have been developed to address the EBA’s mandate specified in paragraphs (a), (b), and (c) of Article 87a(5) of the Capital Requirements Directive VI (CRD VI) and in line with its roadmap on sustainable finance.

In its report, the EBA stressed the increasing significance of ESG risks, which can challenge the safety and soundness of institutions and may affect traditional financial risk categories such as credit, market, operational and reputational risks, and addressing this is the key focus of the Guideline

What do the Guidelines cover?

The Guidelines specify robust governance arrangements financial institutions need to have in place in accordance with Articles 87a(1) and 74 of (CRD IV) covering:

• The minimum standards and reference methodologies for the identification, measurement, management, and monitoring of ESG risks, in accordance with Article 87a(5)a) of the CRD IV. the guidelines go into granular detail and among other things cover the following: 
  • The expectation that institutions regularly perform institution-specific materiality assessments of ESG risks (at least every year (or in the case of small and non-complex institutions (SNCIs) every two years) or more frequently in the case of material change to the business environment).  
  • The expectation that the scope of the materiality assessment should reflect the nature, complexity and size of the institutions activities, portfolio services and products, and the impact of ESG risks should be considered on all traditional financial risk categories to which they are exposed.
  • The expectation is that institutions should develop a robust and sound approach to managing and mitigating ESG risks over the short and medium term, and over a long-term horizon of at least 10 years.
  • Institutions are expected to monitor a range of backward and forward looking ESG risk metrics and indicators, and implement robust internal reporting systems that convey appropriate information and aggregated data to senior management and the management body.
        
• Qualitative and quantitative criteria for the assessment of the impact of ESG risks on the risk profile and solvency of institutions in the short, medium, and long term, in accordance with Article 87a(5)c) of the CRD IV.
      
• The content of plans to be prepared in accordance with Article 76(2) of the CRD IV by the management body, which includes specific timelines and intermediate quantifiable targets and milestones, in order to monitor and address the financial risks stemming from ESG factors, including those arising from the process of adjustment and transition trends towards the relevant Member States and EU regulatory objectives in relation to ESG factors, in particular the objective to achieve climate neutrality by 2050 as set out in Regulation (EU) 2021/1119, as well as, where relevant for international active institutions, third country legal and regulatory objectives, in accordance with Article 87a(5)b) of that Directive.  Institutions are expected to document their plans including their methodologies, assumptions, criteria, targets and actions planned to reach targets, along with performed and scheduled revisions. Institutions should specify the scope of risks captured by each part of the plan, e.g. whether it applies to environmental, social or governance risks, and should ensure that all aspects of the plan address at least environmental risks. Large institutions are expected to ensure that their plans at least include the following aspects:

• Strategic objectives and roadmap of the plans (including high level overarching strategic objective to address ESG risks and a comprehensive set of long-term goals with intermediate milestones to ensure resilience of the business model towards ESG risks);
• Targets and Metrics
• Governance
• Implementation strategies
• Engagement Strategy

An annex in the EBA report sets out, for each key content requirement, some examples references and potential metrics that institutions may consider as they structure and formalise their plans.

Timeline
The guidelines will apply to most banks and financial institutions from 11 January 2026. However, small and non-complex institutions will have until 11 January 2027 to comply.

You can find the full EBA report here.